Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the default packages (bind, postfix, etc) instead of the DJB stuff.
Main requirements are fairly straightforward:
1. able to add/manage domains, ssl cert management, manage DNS records 2. able to manage email accounts and anti-spam settings 3. able to add/manage mysql and pgsql (nice to have) 4. user management - ftp/ssh accounts, password change, etc. 5. nice to have: add a wordpress blog / xcart store to a site 6. nice to have: users have own login to do some of the above for their domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security
Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to pay a license, but not a huge budget.
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
On Wed, Feb 23, 2011 at 2:49 PM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote:
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
+1 for Virtualmin. People will brag that it's insecure etc, but it has always done the job for me and I have more than 100 installations of it. I never had security problems because of it.
On 23/02/11 16:24, Lucian wrote:
On Wed, Feb 23, 2011 at 2:49 PM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote: +1 for Virtualmin. People will brag that it's insecure etc, but it has always done the job for me and I have more than 100 installations of it. I never had security problems because of it.
That one user with more than 100 installations haven't experienced security issues with a product doesn't mean that there is no security issues.
It can just as much mean nobody tried to hack any of those installations, or that they have tried but not succeeded yet, or that there are no security issues ... but to distinguish this, then you need to have more solid arguments than "I haven't experienced it" ... because you might not have experienced it _yet_.
kind regards,
David Sommerseth
On Wed, Feb 23, 2011 at 5:18 PM, David Sommerseth dazo@users.sourceforge.net wrote:
That one user with more than 100 installations haven't experienced security issues with a product doesn't mean that there is no security issues.
I absolutely agree. Didn't want to imply Webmin is "unhackable"; it's just not that bad as some people say it is.
On 2/23/2011 12:18 PM, David Sommerseth wrote:
That one user with more than 100 installations haven't experienced security issues with a product doesn't mean that there is no security issues.
It can just as much mean nobody tried to hack any of those installations, or that they have tried but not succeeded yet, or that there are no security issues ... but to distinguish this, then you need to have more solid arguments than "I haven't experienced it" ... because you might not have experienced it _yet_.
kind regards,
David Sommerseth
You are right David. The more you run on a server, the more you are vulnerable. That said, every control panel I have read about also has a history of security issues. So does just about every other 'server' application at one time or another. Each time this discussion comes up, security is mentioned. I don't want to start something here... I run some sendmail servers and some postfix servers. I find it odd that folks talk about the long history of security issues with sendmail. Well, sendmail has a "long history". Postfix does not. Both seem to address any issues rapidly and that is what matters. Both seem to be very robust.
There is another real world side to this. There is always some percentage of a chance that you will be taken down due to a security issue. There is always a percentage of a chance that you will be taken down by a system admin that lacks experience in some area. I would say system admins break things far more often than the outside world. And, in the real world of hosting, we are constantly 'pressed' for a 'Control Panel'. Clients simply expect it these days. I would dare say that those 'percentages' of uptime are greater with a control panel and an average admin, and any security issues that come with that, vs. no control panel and maybe a really dumb thing being done by someone. Heck, I'm generally my own worst enemy on my systems. Not that the outside world hasn't done some things to me over the years.
Still a good point David. Adding anything like this does provide other ways in. I can say that having been on the Webmin list for about 7 or 8 years, very rarely has there been something critical to address. Most have been compatibility issues with various OSs.
John Hinton
+1 for Virtualmin. People will brag that it's insecure etc, but it has always done the job for me and I have more than 100 installations of it. I never had security problems because of it.
Thanks for all the posts.
Curious about the "people will brag that it's insecure" - is there a poor track record of security problems with webmin?
I noticed these:
http://www.webmin.com/security.html http://tensixtyone.com/perma/woes-of-webmin http://doxfer.webmin.com/Webmin/SecuringWebmin
I certainly don't plan to allow access to webmin save for a couple selected IP's and I'm not surprised to see any web application have security vulnerabilities. But if it's on par with something like phpbb as far as security problems go, I'll probably look elsewhere.
Josh
On 2/23/2011 2:04 PM, Trutwin, Joshua wrote:
+1 for Virtualmin. People will brag that it's insecure etc, but it has always done the job for me and I have more than 100 installations of it. I never had security problems because of it.
Thanks for all the posts.
Curious about the "people will brag that it's insecure" - is there a poor track record of security problems with webmin?
I noticed these:
http://www.webmin.com/security.html http://tensixtyone.com/perma/woes-of-webmin http://doxfer.webmin.com/Webmin/SecuringWebmin
I certainly don't plan to allow access to webmin save for a couple selected IP's and I'm not surprised to see any web application have security vulnerabilities. But if it's on par with something like phpbb as far as security problems go, I'll probably look elsewhere.
No where close! And I know that from a few phpbb installs being hacked on some of my webmin servers. LOL!!!
John Hinton
Josh _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I certainly don't plan to allow access to webmin save for a couple selected IP's and I'm not surprised to see any web application have security vulnerabilities. But if it's on par with something like phpbb as far as security problems go, I'll probably look elsewhere.
No where close! And I know that from a few phpbb installs being hacked on some of my webmin servers. LOL!!!
Haha same (pristing phpbb, latest source, hacked in weeks). I don't even know what to compare to phpbb - phpnuke maybe? I won't even bother mentioning a certain DNS server as it's already being discussed ad nauseum. :)
Anyway - OT now. Appreciate the feedback on the thread, I have some research to do...
Josh
On Feb 23, 2011, at 2:04 PM, "Trutwin, Joshua" JTRUTWIN@CSBSJU.EDU wrote:
+1 for Virtualmin. People will brag that it's insecure etc, but it has always done the job for me and I have more than 100 installations of it. I never had security problems because of it.
Thanks for all the posts.
Curious about the "people will brag that it's insecure" - is there a poor track record of security problems with webmin?
I noticed these:
http://www.webmin.com/security.html http://tensixtyone.com/perma/woes-of-webmin http://doxfer.webmin.com/Webmin/SecuringWebmin
I certainly don't plan to allow access to webmin save for a couple selected IP's and I'm not surprised to see any web application have security vulnerabilities. But if it's on par with something like phpbb as far as security problems go, I'll probably look elsewhere.
One nice thing, depending on how you look at it, about webmin is it's in Perl so it's easy to customize and audit (if you have enough time).
You could conceivably strip it down to the bare essentials needed and audit it line by line to give you some comfort level. Then run it with selinux enabled and everything properly labeled so if someone does break it they can't get too far.
Just make sure for Internet facing services it isn't setup to allow access to essential system configs, where even selinux wouldn't help you.
-Ross
On Wed, Feb 23, 2011 at 4:49 PM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote:
Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo’d running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I’m also just going to use the
default packages (bind, postfix, etc) instead of the DJB stuff.
Main requirements are fairly straightforward:
- able to add/manage domains, ssl cert management, manage DNS records
- able to manage email accounts and anti-spam settings
- able to add/manage mysql and pgsql (nice to have)
- user management - ftp/ssh accounts, password change, etc.
- nice to have: add a wordpress blog / xcart store to a site
- nice to have: users have own login to do some of the above for their
domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security
Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to
pay a license, but not a huge budget.
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
How many domains do you need to manage that cPanel is too expensive?
Have you looked at the free alternatives, like: ehcp Webmin + Virtualmin vhcs ISPConfig etc?
On 11-02-23 09:49 AM, Trutwin, Joshua wrote:
Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the
default packages (bind, postfix, etc) instead of the DJB stuff.
I recently ran across DTC (gplhost.com). It seems to have all the major bells and whistles, but I have not made it far enough down the "Back Burner Todo List" to actually check it out myself yet.
Originally, I heard about it on FLOSS Weekly on the Twit Network: http://twit.tv/floss144
Andy
On 2/23/2011 9:49 AM, Trutwin, Joshua wrote:
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
Josh,
I have been running webmin/virtualmin/usermin for a number of years. A few things factored into my decision. The main one was I didn't want to be stuck inside of a 'box'. So far, 'almost anything' you want to do via command line has no interference with what is done via the interface. Also, within most of the modules, is the ability to simply open the config files for the service and do direct edits. The Webmin project is very active. If you have a problem or perceived bug, and no one else gets around to answering, you will normally hear back from Jamie Cameron the man behind it all, within hours of making a post. That is very rare these days. Basically, I find the system very flexible and highly configurable. In fact, there are several of my ideas for the system that have been put into place. In fact one, years ago, was to get the CentOS OS recognized within the system and it was done and of course still does.
The downside is that the interfaces are a bit geeky. One thing I would like to see is a total rewrite of all the module interfaces in Usermin in an attempt to better define things for the layman. Yes, the end user can do things that you allow. No, most end users won't really understand what they're trying to do. I think those 'boxes' in Plesk and cPanel better address those items due to the nature of 'boxes'. When I say 'boxes', I'm referring to the Windows world config boxes that pop up forcing you down a particular road with no method for customizations.
John Hinton
On Wed, Feb 23, 2011 at 6:47 PM, John Hinton webmaster@ew3d.com wrote:
The Webmin project is very active. If you have a problem or perceived bug, and no one else gets around to answering, you will normally hear back from Jamie Cameron the man behind it all, within hours of making a post. That is very rare these days.
Yup, their support is awesome, at least this was my experience.
On Wed, Feb 23, 2011 at 4:49 PM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote:
Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo’d running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I’m also just going to use the
default packages (bind, postfix, etc) instead of the DJB stuff.
Main requirements are fairly straightforward:
- able to add/manage domains, ssl cert management, manage DNS records
- able to manage email accounts and anti-spam settings
- able to add/manage mysql and pgsql (nice to have)
- user management - ftp/ssh accounts, password change, etc.
- nice to have: add a wordpress blog / xcart store to a site
- nice to have: users have own login to do some of the above for their
domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security
Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to
pay a license, but not a huge budget.
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hey there, some are run with ispconfig some with cPanel , some use DirectAdmin control panel , DirectAdmin which proven itself to be a reliable hosting panel "layman friendly" , would be my suggestion. if you are talking about hosting your own stuff, it won't be needed ,but when it comes to providing third party access to the account, cPanel or DirectAdmin are the best choice.
Trutwin, Joshua wrote:
Hello all,
Hi, Josh. The CentOS lists are really not the appropriate place for this thread. No doubt there are many members of the CentOS community who can and will help. However, I'm quite certain that CentOS is wholly separate from the other, so threads on the CentOS lists should only pertain to CentOS. Perhaps those willing to assist you might contact you personally. Just a friendly suggestion from a user.
Regards.
On Thu, Feb 24, 2011 at 3:55 AM, Garry Dale garry.dale@gmail.com wrote:
Trutwin, Joshua wrote:
Hello all,
Hi, Josh. The CentOS lists are really not the appropriate place for this thread. No doubt there are many members of the CentOS community who can and will help. However, I'm quite certain that CentOS is wholly separate from the other, so threads on the CentOS lists should only pertain to CentOS. Perhaps those willing to assist you might contact you personally. Just a friendly suggestion from a user.
Regards. _______________________________________________
Garry, what the OP has asked has a lot todo with CentOS. He's looking for a web based management tool-set to manage his CentOS server, by the way.
As per your definition, the list should have been much much quieter and stuff like Gnome, KDE, web cams, etc, etc, etc should then also be removed from the list?
On 02/24/11 12:42 AM, Rudi Ahlers wrote:
Garry, what the OP has asked has a lot todo with CentOS. He's looking for a web based management tool-set to manage his CentOS server, by the way.
As per your definition, the list should have been much much quieter and stuff like Gnome, KDE, web cams, etc, etc, etc should then also be removed from the list?
yes, in fact.
this list is intended to be for things that are specific to CentOS and not generic to Linux, or even generic to RHEL. Now, if webmin worked in RHEL5 but didn't work in CentOS, that could be a good on topic discussion.
My centos system runs apache and php and postgres, and on top of that I'm running drupal, and I'm having some problems with my theme template CSS. hey, its on centos, shouldn't I discuss that here? Most certainly NOT.
On Thu, Feb 24, 2011 at 8:56 AM, John R Pierce pierce@hogranch.com wrote:
On 02/24/11 12:42 AM, Rudi Ahlers wrote: My centos system runs apache and php and postgres, and on top of that I'm running drupal, and I'm having some problems with my theme template CSS. hey, its on centos, shouldn't I discuss that here? Most certainly NOT.
John,
Agreed. The problem is the community around Centos is quite large and we need sometimes to ask for other's opinion regarding adjacent subjects. Who else are we going to ask? We need an offtopic@centos.org list.
On 2/24/11 2:42 AM, Rudi Ahlers wrote:
Garry, what the OP has asked has a lot todo with CentOS. He's looking for a web based management tool-set to manage his CentOS server, by the way.
If you just want to manage 'a server' through a web interface, you might like ClearOS, which is mostly Centos components under the covers. But I don't think it handles virtual servers underneath it. Webmin is OK for what it does and can keep you from making some stupid typos in the config files, but you still have to understand what each program and all of its options do.
On 2/23/2011 9:49 AM, Trutwin, Joshua wrote:
Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the
default packages (bind, postfix, etc) instead of the DJB stuff.
Main requirements are fairly straightforward:
- able to add/manage domains, ssl cert management, manage DNS records
- able to manage email accounts and anti-spam settings
- able to add/manage mysql and pgsql (nice to have)
- user management - ftp/ssh accounts, password change, etc.
- nice to have: add a wordpress blog / xcart store to a site
- nice to have: users have own login to do some of the above for
their domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security
Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to
pay a license, but not a huge budget.
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I currently use virtualmin GPL. There are a few features that are kept in virtualmin pro...i have one server that runs pro..i have another that runs virtualmin gpl.
Am 24.02.11 14:17, schrieb William Warren:
On 2/23/2011 9:49 AM, Trutwin, Joshua wrote:
Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo'd running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I'm also just going to use the
default packages (bind, postfix, etc) instead of the DJB stuff.
Main requirements are fairly straightforward:
- able to add/manage domains, ssl cert management, manage DNS records
- able to manage email accounts and anti-spam settings
- able to add/manage mysql and pgsql (nice to have)
- user management - ftp/ssh accounts, password change, etc.
- nice to have: add a wordpress blog / xcart store to a site
- nice to have: users have own login to do some of the above for
their domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security
Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to
pay a license, but not a huge budget.
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I currently use virtualmin GPL. There are a few features that are kept in virtualmin pro...i have one server that runs pro..i have another that runs virtualmin gpl.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
plesk *eg*
scnr :)
On Wed, Feb 23, 2011 at 9:49 AM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote:
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo’d running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I’m also just going to use the
<snip>
Josh: I would suggest you create a thread like this, in one of the sub forums, on WebHostingTalk.com
I realize that your friend does not want to spend the $ for cPanel, which, BTW, has an excellent reputation for their Support. As an end user of Shared Hosting, now using cPanel, after 10+ years on Ensim Shared Servers, IMHO, cPanel is what your friend needs, to get more customers. If your friend is going to provide free web hosting, that's one thing, but if he is looking for clients who pay him, cPanel is the most popular CP out there. My interest is in the content of my web sites, and cPanel has things in it that I truly appreciate. GL Lanny.
On Wed, Feb 23, 2011 at 8:19 PM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote:
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo’d running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I’m also just going to use the
Joining the discussion somewhat late.
I have not seen OPENLSM mentioned in any of the responses.
http://openlsm.sourceforge.net/features.php
It is on my "back burner 2 do list" so I have not had a chance to use it and comment on it.
Take it for a spin and see if it meets your requirements.
-- Arun Khan
Also check http://en.wikipedia.org/wiki/Comparison_of_web_hosting_control_panels
The bluequartz/blueonyx projects currently target CentOS as its platform. It is the based off the code used for the old Sun Cobalt appliances.
On Wed, Feb 23, 2011 at 9:49 AM, Trutwin, Joshua JTRUTWIN@csbsju.edu wrote:
Hello all,
I'm looking to setup a new CentOS box for a buddy of mine who wants to do hosting on a server via CoLo, Years ago I whipped up a CP of my own on a Debian box he colo’d running a basterdized qmail/tinydns and custom built httpd/mysql/etc (I was young). It worked ok but time to move on and I don't have time to maintain all those packages. I also don't have time to write another CP or port my PoS to it. I’m also just going to use the
default packages (bind, postfix, etc) instead of the DJB stuff.
Main requirements are fairly straightforward:
- able to add/manage domains, ssl cert management, manage DNS records
- able to manage email accounts and anti-spam settings
- able to add/manage mysql and pgsql (nice to have)
- user management - ftp/ssh accounts, password change, etc.
- nice to have: add a wordpress blog / xcart store to a site
- nice to have: users have own login to do some of the above for their
domain only 7. nice to have: integrated website stats (awstats or equiv) 8. not optional - should have a focus on security
Stuff like viewing logs, automated billing, hosting plans, managing backups, bandwidth monitoring, uploading web pages, managing server patches, adding new software, etc. I don't mind leaving off or doing myself. Willing to
pay a license, but not a huge budget.
I was leaning towards webmin/virtualmin but thought I'd check with this list for any suggestions. Had bad experiences with Plesk from a while ago so leaving that off the table. We have experience with cPanel through another fail host, it's ok but too much stuff and too expensive.
Josh
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Andy Hull -
Arun Khan -
Atopian -
David Sommerseth -
Garry Dale -
John Hinton -
John R Pierce -
Juergen Gotteswinter -
Lanny Marcus -
Les Mikesell -
Lucian -
Ross Walker -
Rudi Ahlers -
Stephen Cox -
Trutwin, Joshua -
William Warren -
yonatan pingle